A clever threat campaign is abusing GitHub repositories to distribute malware targeting users who frequent an open source project repository or are subscribed to email notifications from it. A malicious GitHub user opens a new "issue" on an open source repository falsely claiming … | Continue reading
Discord has introduced the DAVE protocol, a custom end-to-end encryption (E2EE) protocol designed to protect audio and video calls on the platform from unauthorized interceptions. [...] | Continue reading
Europol and law enforcement from nine countries successfully dismantled an encrypted communications platform called "Ghost," which was used by organized crime such as drug trafficking and money laundering. [...] | Continue reading
GitLab has released security updates to address a critical SAML authentication bypass vulnerability impacting self-managed installations of the GitLab Community Edition (CE) and Enterprise Edition (EE). [...] | Continue reading
Microsoft may have accidentally confirmed that Windows 11 24H2 (Windows 11 2024 Update) is arriving on September 24 as part of the optional preview update, with it rolling out to more people as part of the mandatory October Patch Tuesday updates. [...] | Continue reading
Apple has paused the rollout of iPadOS 18 on iPad Pro tablets with the M4 chip after numerous owners reported the update is "bricking" their devices, with no way to turn them on after performing the update. [...] | Continue reading
The FBI and cybersecurity researchers have disrupted a massive Chinese botnet called "Raptor Train" that infected over 260,000 networking devices to target critical infrastructure in the US and in other countries. [...] | Continue reading
On Tuesday, Russian anti-malware company Doctor Web (Dr.Web) disclosed a security breach after its systems were targeted in a cyberattack over the weekend. [...] | Continue reading
Learn about the top 4 security automation use cases that can streamline your cybersecurity efforts. This guide covers reducing enriching indicators of compromise (IoCs), monitoring external attack surface(s), scanning for web application vulnerabilities and monitoring for leaked … | Continue reading
Broadcom has fixed a critical VMware vCenter Server vulnerability that attackers can exploit to gain remote code execution on unpatched servers via a network packet. [...] | Continue reading
A rolling Cloudflare outage is impacting access to web sites worldwide, including BleepingComputer, with sites working in some regions and not others. [...] | Continue reading
CISA and the FBI urged tech companies to review their software and eliminate cross-site scripting (XSS) vulnerabilities before shipping. [...] | Continue reading
Roughly nine percent of tested firmware images use non-production cryptographic keys that are publicly known or leaked in data breaches, leaving many Secure Boot devices vulnerable to UEFI bootkit malware attacks. [...] | Continue reading
Over 1,000 misconfigured ServiceNow enterprise instances were found exposing Knowledge Base (KB) articles that contained sensitive corporate information to external users and potential threat actors. [...] | Continue reading
Microsoft has fixed a known issue that causes Microsoft 365 apps like Outlook, Word, Excel, and OneNote to crash while typing or spell-checking a text. [...] | Continue reading
A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices. [...] | Continue reading
Microsoft has announced that Office LTSC (Long Term Servicing Channel) 2024, a volume-licensed and perpetual version of Office for Windows and macOS users, is now available for commercial and government customers. [...] | Continue reading
Today, the U.S. Department of the Treasury has sanctioned five executives and one entity linked to the Intellexa Consortium for developing and distributing Predator commercial spyware. [...] | Continue reading
D-Link has fixed critical vulnerabilities in three popular wireless router models that allow remote attackers to execute arbitrary code or access the devices using hardcoded credentials. [...] | Continue reading
Port of Seattle, the United States government agency overseeing Seattle's seaport and airport, confirmed on Friday that the Rhysida ransomware operation was behind a cyberattack impacting its systems over the last three weeks. [...] | Continue reading
Transport for London (TfL) says that all staff (roughly 30,000 employees) must attend in-person appointments to verify their identities and reset passwords following a cybersecurity incident disclosed almost two weeks ago. [...] | Continue reading
DNA testing giant 23andMe has agreed to pay $30 million to settle a lawsuit over a data breach that exposed the personal information of 6.4 million customers in 2023. [...] | Continue reading
Hackers are targeting Oracle WebLogic servers to infect them with a new Linux malware named "Hadooken, which launches a cryptominer and a tool for distributed denial-of-service (DDoS) attacks. [...] | Continue reading
Kawasaki Motors Europe has announced that it's recovering from a cyberattack that disrupted service disruptions as the RansomHub ransomware gang threatens to leak stolen data. [...] | Continue reading
The FBI says that 2023 was a record year for cryptocurrency fraud, with total losses exceeding $5.6 billion, based on nearly 70,000 reports received through the Internet Crime Complaint Center (IC3). [...] | Continue reading
Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company's Microsoft Sharepoint server. [...] | Continue reading
U.K.'s National Crime Agency says it arrested a 17-year-old teenager who is suspected of being connected to the cyberattack on Transport for London, the city's public transportation agency. [...] | Continue reading
Hackers have been leveraging publicly available exploit code for two critical vulnerabilities in the WhatsUp Gold network availability and performance monitoring solution from Progress Software. [...] | Continue reading
GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions. [...] | Continue reading
Six Chinese nationals and a Singaporean have been arrested on Monday in Singapore for their alleged role in malicious cyber activities committed in connection with a "global syndicate." [...] | Continue reading
American semiconductor supplier Microchip Technology Incorporated has confirmed that employee information was stolen from systems compromised in an August cyberattack, which was later claimed by the Play ransomware gang. [...] | Continue reading
The MacroPack framework, initially designed for Red Team exercises, is being abused by threat actors to deploy malicious payloads, including Havoc, Brute Ratel, and PhatomCore. [...] | Continue reading
The FBI seized 32 web domains used by the Doppelgänger Russian-linked influence operation network in a disinformation campaign targeting the American public ahead of this year's presidential election. [...] | Continue reading
Cisco has fixed a command injection vulnerability in the Identity Services Engine (ISE) with public exploit code that lets attackers escalate privileges to root on vulnerable systems. [...] | Continue reading
Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that can be used to log into unpatched systems with administrative privileges. [...] | Continue reading
Cisco's site for selling company-themed merchandise is currently offline and under maintenance due to hackers compromising it with JavaScript code that steals sensitive customer details provided at checkout. [...] | Continue reading
Google has released the September 2024 Android security updates to fix 34 vulnerabilities, including CVE-2024-32896, an actively exploited elevation of privilege flaw that was previously fixed on Pixel devices. [...] | Continue reading
AI Spera has achieved PCI DSS v4.0 certification for its threat intel search engine solution, Criminal IP. Learn more from the Criminal IP cyber threat intelligence search engine. [...] | Continue reading
The U.S. Federal Trade Commission (FTC) has reported a massive increase in losses to Bitcoin ATM scams, nearly ten times the amount from 2020 and reaching over $110 million in 2023. [...] | Continue reading
Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated attackers to perform OS command injection. [...] | Continue reading
Microsoft has released a new Workspaces PowerToy that helps launch sets of applications using custom desktop layouts and configurations with a mouse click. [...] | Continue reading
The FBI warns of North Korean hackers aggressively targeting cryptocurrency companies and their employees in sophisticated social engineering attacks, aiming to deploy malware that steals their crypto assets. [...] | Continue reading
The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) on Clearview AI for unlawful data collection using facial recognition, including photos of Dutch citizens. [...] | Continue reading
D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported. [...] | Continue reading
Oil and gas giant Halliburton has confirmed in a filing today to the Securities and Exchange Commission (SEC) that data was stolen in the recent attack linked to the RansomHub ransomware gang. [...] | Continue reading
Transport for London (TfL), the city's transport authority, is investigating an ongoing cyberattack that has yet to impact its services. [...] | Continue reading
Three men have pleaded guilty to running OTP.Agency, an online platform that provided social engineering help to obtain one-time passcodes from customers of various banks and services in the U.K. [...] | Continue reading
The Federal Trade Commission (FTC) proposes a $2.95 million penalty on security camera vendor Verkada for multiple security failures that enabled hackers to access live video feeds from 150,000 internet-connected cameras. [...] | Continue reading